Common use of Data Segregation Clause in Contracts

Data Segregation. HCA’s Data received under this Contract must be segregated or otherwise distinguishable from non- HCA Data. This is to ensure that when no longer needed by the Contractor, all of HCA’s Data can be identified for return or destruction. It also aids in determining whether HCA’s Data has or may have been compromised in the event of a security breach. A. HCA’s Data must be kept in one of the following ways: i. on media (e.g. hard disk, optical disc, tape, etc.) which will contain only HCA Data; or ii. in a logical container on electronic media, such as a partition or folder dedicated to HCA’s Data; or iii. in a database that will contain only HCA Data; or iv. within a database and will be distinguishable from non-HCA Data by the value of a specific field or fields within database records; or v. when stored as physical paper documents, physically segregated from non-HCA Data in a drawer, folder, or other container. B. When it is not feasible or practical to segregate HCA’s Data from non-HCA data, then both HCA’s Data and the non-HCA data with which it is commingled must be protected as described in this Attachment. C. Contractor must designate and be able to identify all computing equipment on which they store, process and maintain HCA Data. No Data at any time may be processed on or transferred to any portable storage medium. Laptop/tablet computing devices are not considered portable storage medium devices for purposes of this Contract provided it is installed with end-point encryption.

Data Segregation. 4.1 HCA’s Data received under this Contract must be segregated or otherwise distinguishable from non- non-HCA Data. This is to ensure that when no longer needed by the Contractor, all of HCA’s Data can be identified for return or destruction. It also aids in determining whether HCA’s Data has or may have been compromised in the event of a security breach. A. . HCA’s Data must be kept in one of the following ways: i. A. on media (e.g. hard disk, optical disc, tape, etc.) which will contain only HCA Data; or ii. B. in a logical container on electronic media, such as a partition or folder dedicated to HCA’s Data; or iii. C. in a database that will contain only HCA Data; or iv. D. within a database and will be distinguishable from non-HCA Data by the value of a specific field or fields within database records; or v. E. when stored as physical paper documents, physically segregated from non-HCA Data in a drawer, folder, or other container. B. 4.2 When it is not feasible or practical to segregate HCA’s Data from non-HCA data, then both HCA’s Data and the non-HCA data with which it is commingled must be protected as described in this Attachment. C. 4.3 Contractor must designate and be able to identify all computing equipment on which they store, process process, and maintain HCA Data. No Data at any time may be processed on or transferred to any portable storage medium. Laptop/tablet computing devices are not considered portable storage medium devices for purposes of this Contract provided it is installed with end-point encryption.

Data Segregation. HCA’s i. HCA Data received under this Contract Agreement must be segregated or otherwise distinguishable from non- non-HCA Data. This is to ensure that when no longer needed by the Contractor, all of HCA’s Data can be identified for return or destruction. It also aids in determining whether HCA’s Data has or may have been compromised in the event of a security breach. A. ii. HCA’s Data must be kept in one of the following ways: i. on : • On media (e.g. hard disk, optical disc, tape, etc.) which will contain contains only HCA Data; or ii. in • In a logical container on electronic media, such as a partition or folder dedicated to HCA’s Data; or iii. in • In a database that will contain contains only HCA Data; or iv. within • Within a database and will – HCA data must be distinguishable from non-non- HCA Data by the value of a specific field or fields within database records; or v. when stored as physical paper documents, physically • Physically segregated from non-HCA Data in a drawer, folder, or other containercontainer when stored as physical paper documents. B. iii. When it is not feasible or practical to segregate HCA’s Data from non-non- HCA data, then both HCA’s Data and the non-HCA data with which it HCA’s Data is commingled must be protected as described in this AttachmentExhibit. C. iv. Contractor must designate and be able to identify all computing equipment on which they store, process process, and maintain HCA Data. No Data at any time may be processed on or transferred to any portable storage medium. Laptop/tablet computing devices are not considered portable storage medium devices for purposes of this Contract provided it is installed with end-point encryption.

Data Segregation. HCA’s Data received under this Contract must be segregated or otherwise distinguishable from non- HCA Data. This is to ensure that when no longer needed by the Contractor, all of HCA’s Data can be identified for return or destruction. It also aids in determining whether HCA’s Data has or may have been compromised in the event of a security breach. A. 4.1 HCA’s Data must be kept in one of the following ways: i. A. on media (e.g. hard disk, optical disc, tape, etc.) which will contain only HCA Data; or ii. B. in a logical container on electronic media, such as a partition or folder dedicated to HCA’s Data; or iii. C. in a database that will contain only HCA Data; or iv. D. within a database and will be distinguishable from non-HCA Data by the value of a specific field or fields within database records; or v. E. when stored as physical paper documents, physically segregated from non-HCA Data in a drawer, folder, or other container. B. 4.2 When it is not feasible or practical to segregate HCA’s Data from non-HCA data, then both HCA’s Data and the non-HCA data with which it is commingled must be protected as described in this Attachment. C. 4.3 Contractor must designate and be able to identify all computing equipment on which they store, process and maintain HCA Data. No Data at any time may be processed on or transferred to any portable storage medium. Laptop/tablet computing devices are not considered portable storage medium devices for purposes of this Contract provided it is installed with end-point encryption.

Data Segregation. HCA’s Data received under this Contract DSA must be segregated or otherwise distinguishable from non- non-HCA Data. This is to ensure that when no longer needed by the Contractor, all of HCA’s Data can be identified for return or destruction. It also aids in determining whether HCA’s Data has or may have been compromised in the event of a security breach. A. a. HCA’s Data must be kept in one of the following ways: i. on media (e.g. hard disk, optical disc, tape, etc.) which will contain only HCA Data; or ii. i. in a logical container on electronic media, such as a partition or folder dedicated to HCA’s Data; or iiiii. in a database that will contain only HCA Data; or iviii. within a database and will be distinguishable from non-HCA Data by the value of a specific field or fields within database records; or v. iv. when stored as physical paper documents, physically segregated from non-HCA Data in a drawer, folder, or other container. B. b. When it is not feasible or practical to segregate HCA’s Data from non-HCA data, then both HCA’s Data and the non-HCA data with which it is commingled must be protected as described in this Attachment. C. c. Contractor must designate and be able to identify all computing equipment on which they store, process and maintain HCA Data. No Data at any time may be processed on or transferred to any portable storage medium. Laptop/tablet computing devices are not considered portable storage medium devices for purposes of this Contract DSA provided it is installed with end-point encryption.

Data Segregation. HCA’s Data received under this Contract DSA must be segregated or otherwise distinguishable from non- non-HCA Data. This is to ensure that when no longer needed by the Contractor, all of HCA’s Data can be identified for return or destruction. It also aids in determining whether HCA’s Data has or may have been compromised in the event of a security breach. A. a. HCA’s Data must be kept in one of the following ways: i. on media (e.g. hard disk, optical disc, tape, etc.) which will contain only HCA Data; or ii. in a logical container on electronic media, such as a partition or folder dedicated to HCA’s Data; or iii. in a database that will contain only HCA Data; or iv. within a database and will be distinguishable from non-HCA Data by the value of a specific field or fields within database records; or v. when stored as physical paper documents, physically segregated from non-HCA Data in a drawer, folder, or other container. B. b. When it is not feasible or practical to segregate HCA’s Data from non-HCA data, then both HCA’s Data and the non-HCA data with which it is commingled must be protected as described in this Attachment. C. c. Contractor must designate and be able to identify all computing equipment on which they store, process and maintain HCA Data. No Data at any time may be processed on or transferred to any portable storage medium. Laptop/tablet computing devices are not considered portable storage medium devices for purposes of this Contract DSA provided it is installed with end-point encryption.